Zero-day vulnerability in Windows captured by our technologies

10

Oct

2018

Usually, you need to teach security solutions about new vulnerabilities, but sometimes, Kaspersky Lab technologies teach us about new zero-days. This is just that kind of case. Our Automatic Exploit Prevention technology recently detected a new kind of cyberattack that tried to use a previously unknown exploit on a yet-undiscovered operating system vulnerability.

Analyzing the case, our experts figured out that the vulnerability was in win32k.sys, a Win32 Driver file. They immediately informed Microsoft about the issue so that their specialists could swiftly craft a security patch. On October 9, they disclosed the existence of the vulnerability and published a corresponding update that, among other things, fixed the CVE-2018-8453 vulnerability.